Captchas. No, I didn’t sneeze.

Are captchas annoying to you?  They are to me.  I probably fail at solving them about 15% of the time, which is far too often for my liking.  They get annoying, and as spammers find ways to automate solving them, the captchas continue to get more difficult to read.

Someone who knows a lot about combating spam, and has done a pretty darned good job at it, Matt Mullenweg, suggests in a recent Guardian article that “…Captchas are useless for spam because they’re designed to tell you if someone is ‘human’ or not, but not whether something is spam or not.”  I would have to agree.

There are many efforts to improve upon Catpchas, such as the 3-D Captcha.  In my opinion, this is just making things more complicated than necessary, and would be difficult to implement easily on a typical blog or contact form.

I run about 6 to 8 blogs (depending on my mood from week to week), and have been reluctant to use Captchas on any of them, partly out of usability concerns, but also because they are so easy to fail.  Instead, for my blog comments, I rely upon Mullenweg’s own Kismet spam system.  This feature is built into WordPress blogs, which makes it a breeze to set up, and I am constantly amazed at the loads of spam comments that it stops.

As Mullenweg suggests, focusing on the content rather than the submitter, is the way to go in the long term, and Kismet is great at doing that.

However, I also rely on a simpler test to determine if someone is a human or not mainly because it’s not as annoying as a Captcha, and it prevents a lot of spam comments from making it through in the first place.  It’s easy to add a basic question to a form which must be answered correctly in order for the form to be submitted succesfully.  Questions could be as simple as:

  • What color is an orange?
  • What is 3 plus 3?
  • How many wheels does a car have?

There is a great WordPress plugin which provides this capability and is relatively easy to set up called the Secure and Accessible PHP Contact Form.  If you run any WordPress blogs, I recommend you try it out.

By having a list of simple questions that are randomly selected to appear on your forms, you can stop automated scripts from filling out your forms quite easily.  This, combined with Kismet, a content-based filter of what gets submitted, will pretty much stop spammers in their tracks without creating a hassle for your visitors.

Setting up Samba Shares on RedHat Enterprise 5

My goal was to set up a network share on a RHEL5 server using Samba, so that our Windows users could access the shared folder from their desktops.  It was difficult to find any information on doing this and nothing else, such as setting up Samba as a domain controller, which I was not interested in.  Sometimes Google gives you more than you want.

If you are running RedHat Enterprise 5, and are interested in setting up Samba shares for Windows users to access, read on.  This may work for other flavors of Linux, and older versions of RHEL, but I can’t vouch for that.

First, make sure the correct Samba packages are installed:

<span style="color: #808080;">#&gt; rpm -qa |grep samba
samba-client-3.0.28-1.el5_2.1
samba-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
system-config-samba-1.2.39-1.el5</span>

If these are not installed, use yum to grab them and install them.

You may need to open ports in the system firewall so that all of this will work.  The ports that need to be open for Samba to work are:

<span style="color: #808080;">139 and 445</span>

It’s easiest to do this from your RedHat gui (System > Administration > Security Level and Firewall).

Next, set up the smb service to run at boot time:

<span style="color: #808080;">#&gt; chkconfig smb on</span>

In RedHat, this will also cause the nmb service to run, which is fine.

Now, start Samba:

<span style="color: #808080;">#&gt; service smb start</span>

Now, create the directory you want to share.  For this example, I will make it simple:

<span style="color: #808080;">#&gt; mkdir /dv1</span>

Set permissions accordingly.  In my scenario, I wanted our developers to all be able to access this directory from Windows, and they were all part of the ‘developers’ group on my RedHat server, so I set the permissions like so:

<span style="color: #808080;">#&gt; chown developers.developers /dv1
#&gt; chmod 755 /dv1</span>

In order to get Samba to share this directory, I had to add the appropriate policies for SELinux, which are mentioned in the smb.conf file.  Assuming you are running SELinux (it’s default with RedHat Enterprise 5), these can be added at the command line.

Since you created a new directory that will be shared with Samba (the ‘dv1′ directory you created earlier), a label must be set for that as well.  Using ‘dv1′ as the directory name, run this:

To set a label use the following:

<span style="color: #808080;">#&gt;  chcon -t samba_share_t /dv1</span>

Now to configure the Samba configuration file.  Always make a backup of the original before editing any config file!

<span style="color: #808080;">#&gt; cp /etc/samba/smb.conf /etc/samba/smb.conf.orig</span>

To edit the config file, do this:

<span style="color: #808080;">#&gt; nano /etc/samba/smb.conf</span>

Under [global] settings, uncomment the necessary lines and make changes so that it looks something like this:

<span style="color: #808080;">workgroup = YourWindowsWorkgroupName
</span><span style="color: #808080;">server string = YourRedhatServerName</span><span style="color: #808080;">
netbios name = YourRedhatServerName
hosts allow = 127.0.0.1 192.168.1.</span>

Leave everything else in that section the way it is.

Note:  the 192.168.1.  address needs to be that of your local network.

Then under Standalone Server Options:

    <span style="color: #808080;">security = user</span>

<span style="color: #808080;">    passdb backend = tdbsam</span>

I commented out all Printer sharing crap since I didn’t use any of that.

Lastly, under Share Definitions:

<span style="color: #808080;">[homes]</span>

<span style="color: #808080;">        comment = Home Directories</span>

<span style="color: #808080;">        browseable = no</span>

<span style="color: #808080;">        writeable = yes</span>

<span style="color: #808080;">;       valid users = %S</span>

<span style="color: #808080;">;       valid users = MYDOMAIN%S</span>

<span style="color: #808080;">
;[printers]</span>

<span style="color: #808080;">;       comment = All Printers</span>

<span style="color: #808080;">;       path = /var/spool/samba</span>

<span style="color: #808080;">;       browseable = no</span>

<span style="color: #808080;">;       guest ok = no</span>

<span style="color: #808080;">;       writeable = no</span>

<span style="color: #808080;">;       printable = yes</span>

<span style="color: #808080;">
[dv1]</span>

<span style="color: #808080;">        comment = My dog has fleas</span>

<span style="color: #808080;">        path = /dv1/</span>

<span style="color: #808080;">        valid users = user1,user2,user3</span>

<span style="color: #808080;">        public = no</span>

<span style="color: #808080;">        writeable = yes</span>

<span style="color: #808080;">        create mask = 0765</span>

Obviously, swap out user1,user2,user3 with the users who will be accessing this share.  You put the username for the RedHat box you are on, not the Windows username (unless it’s the same).

Save the file and go back to the command line. Test it out by running this:

<span style="color: #808080;">#&gt; testparm</span>

You shouln’t see any error reported.  If all is good, run this:

<span style="color: #808080;">#&gt; service smb restart</span>

You will see smb and nmb stop and restart.  There should be no errors or “FAILED” notices.

Assuming your users already have accounts on your RedHat box, you need to add them to Samba like so:

<span style="color: #808080;">#&gt; smbpasswd -a username</span>

<span style="color: #808080;">New SMB password:</span>

<span style="color: #808080;">Retype new SMB password:</span>

I set a temporary password here, then ask them to change it next time they log into the server at the command line by running this:

<span style="color: #808080;">#&gt; smbpasswd</span>

It will prompt them for their old password (the temporary one you just gave them), and for the new one.

Once all that is done and you have set your own Samba password, you should be able to do this from Windows:

Go to Start and select Run.  Type in the hostname of your RedHat server (which you specified in the smb.conf file) like so:

<span style="color: #808080;">\YourRedhatServerName</span>

You will be prompted for a username and password, and you should enter the RedHat server login name and the Smaba password that you just created.

If all goes well, a window will appear which shows the dv1 directory.  You can now drag, drop, copy, and paste to and from this folder as if it were on your Windows machine!

Some CSS Resources

I found an excellent resource for Cascading Style Sheets (CSS), which has a list of great tutorials and examples for the beginner or intermediate CSS user. These are the basics when any developer or designer should have a handle on:

9 Top CSS Essential Skills That Every Web designer Should Learn

If you are looking for something a bit more advanced and on the bleeding edge, check out CSS Tricks, an excellent site with video tutorials and LOTS of other great CSS and design-related things. The author of the site is into jQuery too, so he has a lot of blog posts about tips and tricks related to that. Great stuff!

Apple Doesn’t Understand This “Secure” Thing

For years, people have loved Apples and Macs because of their relative security when compared to the likes of Microsoft, who are the target of tens of thousands of viruses, worms, trojans, and other types of malicious programming.

A large part of this has been because of the prevalence of Microsoft Windows, and the fact that Macs make up a tiny little percentage of the home or office computer realm.  However, ever since Apple released the iPhone, it would seem as if they have taken a step out into the world of the unknown, venturing into new territories where no one has gone before.

The problem is, many people have already been in these territories for many years, and Apple obviously has not been paying attention.  It’s like they never considered the thought that once they started venturing outside of the obscure marketshare into the eye of the general public, they too would become targeted by script kiddies, spammers, and all-around evildoers.

The fact of the matter is, Apple, Macs, iThings, and everything else they are doing IS being targeted more now than ever before, and unfortunately, Apple is sitting around wondering why instead of doing anything about it.

Take, for example, this new TechCrunch article explaining a simple way for spammers to harvest all the email addresses of MobileMe users.

From the article:

Apple knows about the problem but insists it isn’t an issue because no one has complained publicly. An Apple representative said to one of our readers: “We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry.”

Um…ok.  So if I use MobileMe, I can expect a lot of spam.  Maybe they think I’ll get used to it.

TechCrunch goes as far as suggesting that Apple is falling apart at the seams.  They suggest failures with customer service and security exploits as warning signs.  The sad part is, Apple seems to either not care about fixing things, or just not get it, both of which are starting to come off as being arrogant.

Look at the recent ‘patching’ Apple did with the widely-publicized DNS spoofing vulnerability last month.  While every other vendor quickly tackled the problem, Apple released a patch that fixed only their server products, leaving their entire desktop user base still vulnerable.  It took them two more weeks, but on August 15 they finally patched it for everyone.

The nature of being secure, in my opinion, relies upon being open, recognizing vulnerabilities, and taking them head-on.  That’s why there is such a large, active community of security-aware researchers, vendors, and system administrators out there.  Apple seems to be shying away from all of this, perhaps out of naivity, perhaps out of conceit.

Whatever the case, I sincerely hope they come to their senses before it is too late.

SSH Apps for iPhone

Just before the iPhone/iPod Touch 2.0 update, I restored my iPod Touch
after having had it jailbroken for a few months. One of the immediate
things I missed was the SSH client. Then I learned that recently, a few
SSH clients had popped up in the App Store, which pleased me to no end,
especially once I discovered the best one to use.

Thanks to Mr. Cooper, who had already done the research, I downloaded
Touch Term, which is a pretty slick little SSH application. There are
certainly a few things lacking, which is explained in this nice article about all the available
SSH apps
, but it certainly gets the job done.

And really, this was about the only reason I still considered
jailbreaking my 2.0 iTouch. Now, however, I don’t think I need to.

Big Foot Hoax

Last week there was a lot of buzz online regarding the discovery of a
dead sasquatch.
I’m sure you probably heard about it.

I watched the news conference led by the two guys in northern Georgia
(the state, not the country) who had allegedly discovered the
body
while out hiking. After the news conference, I had my doubts.
The ‘expert’ that these men had recruited started blinking really fast
when directly questioned about certain topics, and it led me to believe
he was lying. Then he showed some blurry photos and didn’t offer any
real proof that what they claimed happened actually did. If you have a
dead big foot sitting in your garage, even a yokel from Georgia could
take a decent picture with a digital camera.

Apparently the men who discovered the body sold it to some researchers.
This is where the impetus behind the hoax comes in. Once the
researchers decided to unfreeze it, the truth came out. A
doggone monkey suit!

But on the other hand, don’t you love monkey suits? I remember my
grandmother made me one as a halloween costume when I was about 10.
Actually, it was a gorilla suit, but it was still fun. It was the only
gorilla in the neighborhood who wore sneakers.